Use of non-volatile storage devices has been rapidly increasing over the years because they are portable and they have small physical size and large storage capacity. Storage devices come in a variety of designs. Some storage devices are regarded as “embedded”, meaning that they cannot be, and are not intended to be, customarily removed by a user from a host device with which they operate. Other storage devices are removable, which means that the user can move them from one host device to another, or replace a storage device with another. Still other storage devices, which are commonly known as “Disk-on-Key” devices, are provided with a Universal Serial Bus (“USB”) interface in order to allow them to be connected to a computer system, for example. A flash storage device that is provided with a USB interface is also known in the field as a USB Flash Drive, or UFD. MultiMedia Card (“MMC”), Secure Digital (“SD”), miniSD, and microSD are exemplary flash storage devices that are used with a variety of host devices such as multimedia players (e.g., MP3 and MP4 players), digital cameras, laptop computers, Global Positioning System (“GPS”) devices, and so on.
When a removable storage device is connected to a host device, a handshake phase is commenced. Briefly, handshaking is an automated process of negotiation that dynamically sets parameters of a communication channel established between two entities (e.g., a host device and an external storage device) before normal communication over the channel begins. That is, handshaking is triggered by the establishment of the physical channel and it precedes the establishment of the logical channel and normal information transfer. During handshake, a computer system establishes rules for communication with the external device with which it is going to communicate, which rules may refer, for example, to information transfer rate, coding alphabet, communication protocol, hardware features, and so on.
Various forms of malware can automatically infect media that has just been connected to a compromised computer system. For example, merely mounting a USB drive, a memory card, or in general any similar portable storage device, on an infected host device may be enough to transfer malware to the portable storage device. Infection of the portable storage device by a host device may happen during a time window between the completion of the handshake phase and the time at which the host loads an anti-malware application from the storage device. Because executing an anti-malware application usually requires large computing resources, it has to be loaded from the storage device into, and be executed on, the host device rather than on the storage device. However, loading an anti-malware application to the host device and launching it takes time, during which the storage device is susceptible to virus attacks from the host device.
There are storage devices that are not provided with an anti-virus or an anti-malware application and, therefore, they have to rely on their host device's anti-virus capability. However, when such a storage device is connected to a host device, it takes a while before the host device acknowledges to the storage device that the storage device can trust the host device's anti-virus capability. Until then the storage device may be infected with a virus.
Some portable storage devices are provided with an anti-virus or an anti-malware application to protect the integrity of the data stored therein, and to protect the storage device in general. However, because of the storage device's limited computational power and the resources required to execute anti-virus applications, such applications are usually executed on the host device with which a storage device operates rather than by the storage device. Therefore, in order to provide the storage device with the anti-virus protection it requires, one of the initialization steps taken by the storage device during its initialization phase involves transferring the anti-virus application to the host device, on which it can run. So long as the storage device's anti-virus application is not running on the host device, the storage device can be infected with viruses.
FIG. 1 shows a typical storage device 100. Storage device 100 typically includes a storage area 110 for storing digital data, and a storage controller 120 that manages storage area 110 via data and control lines 130 and communicates with host device 140 via host interface 150. Storage area 110 may be of a NAND flash variety.
Storage controller 120 controls all of the data storage and data retrieval to/from storage area 110 and data transfer to/from host device 140. Storage area 110 may contain user and other types of files, protected data that is allowed to be used only by authorized host devices, and security data that is used internally, by storage controller 120. Host devices (e.g., host device 140) cannot directly access storage area 110. That is, if, for example, host device 140 asks for, or needs data from, storage device 100, host device 140 has to request it from storage controller 120, regardless of where in storage area 110 the requested data is held.
When storage device 100 is connected to host device 140, storage device 100 remains virus-wise unprotected until anti-virus application 115 is downloaded to, and executed on, host device 140. Alternatively, if storage device 100 is not provided with an anti-virus application such as anti-virus application 115, storage device 100 has no option other than to trust host device 140 that host device 140 is executing a proper anti-virus application of its own. “Knowing”, by storage device 100, whether host device 140 can be trusted virus-wise takes time (i.e., the handshake and initialization periods) during which the storage device may be infected by host device 140.
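The exposure window described above can be made concrete with a short added illustration, which is not part of the original text. The Python sketch below scans a constructed trace of storage-controller events and reports the writes accepted between handshake completion and the point at which anti-virus protection becomes active on the host; the event names and the trace format are assumptions made for the example.

```python
from dataclasses import dataclass

# Hypothetical event names; the original text defines no trace format.
WINDOW_OPENS = {"HANDSHAKE_DONE"}
# Window closes when the device's own anti-virus application runs on the host,
# or when the host acknowledges a trusted anti-virus capability of its own.
WINDOW_CLOSES = {"AV_RUNNING", "HOST_AV_ACK"}

@dataclass(frozen=True)
class Event:
    t_ms: int          # milliseconds since physical connection
    kind: str
    detail: str = ""

# Constructed sample trace (not real device output).
TRACE = [
    Event(0, "CONNECT"),
    Event(40, "HANDSHAKE_DONE"),
    Event(55, "READ", "anti-virus application image"),
    Event(120, "WRITE", "file A"),
    Event(300, "WRITE", "file B"),
    Event(900, "AV_RUNNING"),
    Event(1200, "WRITE", "file C"),
]

def exposure_window(trace):
    """Return (start_ms, end_ms); end_ms is None if protection never started."""
    start = end = None
    for ev in sorted(trace, key=lambda e: e.t_ms):
        if start is None and ev.kind in WINDOW_OPENS:
            start = ev.t_ms
        elif start is not None and ev.kind in WINDOW_CLOSES:
            end = ev.t_ms
            break
    return start, end

def unprotected_writes(trace):
    """Writes the controller accepted while no anti-virus protection was active."""
    start, end = exposure_window(trace)
    if start is None:
        return []
    return [ev for ev in sorted(trace, key=lambda e: e.t_ms)
            if ev.kind == "WRITE" and ev.t_ms >= start
            and (end is None or ev.t_ms < end)]

if __name__ == "__main__":
    print("window:", exposure_window(TRACE))
    for ev in unprotected_writes(TRACE):
        print(f"unprotected write at {ev.t_ms} ms: {ev.detail}")
```

If the trace contains no closing event, the window is treated as still open and every write after the handshake is reported.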
The presence of malware and viruses in a host is therefore an information security and integrity issue. There is thus a need to address this issue in order to better protect storage devices, for example when they are initialized.